b'                        U.S. Environmental Protection Agency \t                                                  12-P-0220\n                                                                                                          January 20, 2012\n                        Office of Inspector General\n\n\n                        At a Glance\nWhy We Did This Review              Region 10 Technical and Computer Room\nThe U.S. Environmental\n                                    Security Vulnerabilities Increase Risk to\nProtection Agency (EPA)             EPA\xe2\x80\x99s Network\nOffice of Inspector General\n(OIG) conducted this audit to        What We Found\nidentify technical\nvulnerabilities associated with     OIG technical vulnerability scans conducted at Region 10 headquarters revealed\nthe Agency\xe2\x80\x99s network devices        a multitude of high-risk and medium-risk vulnerabilities. These vulnerabilities\nlocated in EPA\xe2\x80\x99s Region 10          were identified on Region 10 servers, printers, and/or desktops. The exploitation\nheadquarters building, and to       of unidentified and unremediated vulnerabilities could greatly impact the network\nassess the security posture of      security posture of Region 10 headquarters and/or the entire EPA network by\nthe Region 10 computer room.        exposing Agency data, information, and configurations to unauthorized access.\nResults of this audit were\nprovided to the appropriate         The OIG physical and environmental control review of the Region 10 computer\nEPA officials who can then          room found that sufficient protections were not in place to safeguard critical\npromptly remediate and/or           information technology assets and associated data from the risk of damage and/or\ndocument their planned actions      loss.\nto resolve the identified\ntechnical vulnerabilities and        What We Recommend\ncomputer room security\nfindings.                           We recommend that the Senior Information Official, Region 10:\n\nBackground                              \xe2\x80\xa2   Remediate high-risk and medium-risk technical vulnerabilities\n                                        \xe2\x80\xa2   Remediate physical and environmental control deficiencies\nThis audit was conducted in\nsupport of the annual audit of\n                                    The full report is not available to the public due to the sensitive nature of its\nEPA\xe2\x80\x99s compliance with the\n                                    technical findings.\nFederal Information Security\nManagement Act.\n\n\n\n\nFor further information, contact\nour Office of Congressional and\nPublic Affairs at (202) 566-2391.\n\nThe full report is at:\nwww.epa.gov/oig/reports/2012/\n20120120-12-P-0220.pdf\n\x0c'